System information
Chapter 6. PIN Generator
For the Certificate System to use the UidPwdPinDirAuth authentication plug-in module, the
authentication directory must contain unique PINs for each end entity which will be issued a
certificate. The Certificate System provides a tool, the PIN Generator, which generates unique
PINs for end-entity entries in an LDAP directory. The tool stores these PINs as hashed values in
the same directory against the corresponding user entries. It also copies the PINs to a text file
so that the PINs can be sent to the end entities.
1. The setpin Command
This chapter describes the syntax and arguments of the setpin tool and the expected
responses. For information on generating and storing PINs in the user authentication directory,
see the Certificate System Administration Guide.
1.1. Editing the setpin.conf Configuration File
The setpin tool can use a configuration file, setpin.conf, to store some of its required
options. Before running setpin, modify this file to reflect the directory information, and
configure setpin to use the file, as follows:
1. Open the setpin.conf file.

    cd /usr/lib/rhpki/native-tools
    vi setpin.conf

2. Edit the directory parameters in the file to match the directory installation information.

    #------- Enter the hostname of the LDAP server
    host=localhost
    #------- Enter the port number of the LDAP server
    port=389
    #------- Enter the DN of the Directory Manager user
    binddn=CN=Directory Manager
    #------- Enter the password for the Directory Manager user
    bindpw=
    # Enter the DN and password for the new pin manager user
    pinmanager=cn=pinmanager,o=example.com
    pinmanagerpwd=
    # Enter the base over which this user has the power
    # to remove pins
    basedn=ou=people,o=example.com
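
Because setpin.conf holds the Directory Manager and PIN manager passwords in clear text, it is worth checking the edited file before running setpin. The following is an added example, not part of Certificate System or the original guide: the function name check_setpin_conf, its messages, and the owner-only permission requirement are assumptions made for this illustration; the key names come from the listing in step 2.

```shell
#!/bin/sh
# Added example: pre-flight check for setpin.conf (not shipped with Certificate System).
# check_setpin_conf FILE prints one line per problem; returns 0 only if none are found.
check_setpin_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 1; }

    # bindpw and pinmanagerpwd sit in this file in clear text, so the group
    # and other permission bits (characters 5-10 of the ls mode) must be off.
    if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
        echo "permissions: $conf is accessible to group or other (use chmod 600)"
        problems=1
    fi

    for key in host port binddn bindpw pinmanager pinmanagerpwd basedn; do
        # This check reads the last uncommented key=value line for each key;
        # the value may itself contain '=', as in binddn=CN=Directory Manager.
        val=$(sed -n "s/^${key}=//p" "$conf" | tail -n 1)
        if [ -z "$val" ]; then
            echo "missing: $key has no value"
            problems=1
            continue
        fi
        case $key in
            port)
                case $val in
                    *[!0-9]*) echo "invalid: port '$val' is not a number"; problems=1 ;;
                esac ;;
            binddn|pinmanager|basedn)
                case $val in
                    *=*) ;;
                    *) echo "invalid: $key '$val' is not a DN"; problems=1 ;;
                esac ;;
        esac
    done
    return "$problems"
}

# Constructed sample: the template from step 2 with both passwords still empty.
sample=$(mktemp)
printf '%s\n' 'host=localhost' 'port=389' 'binddn=CN=Directory Manager' \
    'bindpw=' 'pinmanager=cn=pinmanager,o=example.com' 'pinmanagerpwd=' \
    'basedn=ou=people,o=example.com' > "$sample"
check_setpin_conf "$sample" || echo "setpin.conf is not ready for setpin"
rm -f "$sample"
```
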